Are More European Standard Contractual Clauses Coming?

Share on facebook
Share on twitter
Share on linkedin
Share on reddit
Share on email

On November 18, 2021, the European Data Protection Board (EDPB) adopted its new draft guidance on the interplay between Article 3 of the European Union’s General Data Protection Regulation (GDPR) and Chapter V of the same law. This new guidance specifies that personal data processing by organizations in countries outside the European Economic Area (EEA) is governed by the transfer restrictions of Chapter V, even when the organization is subject to the GDPR through the law’s extraterritorial applicability. But the EDPB unhelpfully leaves open the question of how to comply with Chapter V in such circumstances, acknowledging that the required transfer tools are currently “only available in theory.”

Article 3 lays out the GDPR’s territorial scope, including extraterritorial provisions that bring organizations not established in the EEA within the GDPR’s scope when they offer goods and services to or monitor the behavior of individuals in the EEA. Meanwhile, Chapter V (Articles 44-50) restricts transfers of personal data to countries outside the EEA unless appropriate transfer tools,

Read the article